I have been working on a support ticket were customer was getting the following error trying to save Auditing settings.
“Failed to save Auditing settings for server: xxx .Principal xxx does not exist in the directory xxx”.
During auditing configuration , customer had selected, an storage account that was being used by other Azure SQL server to save their auditing logs.
We confirmed that storage account was configured with firewall enabled
The problem came because, identity assignment was not getting saved correctly.
Executing the following query we could see that identity was not getting saved
select * from sys.database_scoped_credentials
The solution was reassign the Identity and resave auditing executing the following PowerShell command
Set-AzSqlServer -ResourceGroupName <NameofTheRG> -ServerName <NameOFTheServer> -AssignIdentityIf server also has TDE with AKV you will need to run :
$server = Get-AzSqlServer -ResourceGroupName rgname -ServerName server
$objectid = $server.Identity.PrincipalId
Set-AzKeyVaultAccessPolicy -VaultName vault -ObjectId $objectid -PermissionsToKeys get, wrapKey, unwrapKey
After apply mitigation, "select * from sys.database_scoped_credentials" output was the following, and auditing configuration could be saved correctly
Enjoy!
Published Feb 18, 2021
Version 1.0
Palomag_MSFT
Microsoft
Microsoft